From 81250fb6c34eeda161e068a58a33e8ba783c7f95 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Sun, 8 Mar 2026 20:05:38 +0100
Subject: [PATCH] vlc: ignore CVE-2026-26227 and CVE-2026-26228

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-26227
https://nvd.nist.gov/vuln/detail/CVE-2026-26228

Both vulnerabilities affect only the Android version of VLC, not
the other ones. Because of this, ignore these CVEs.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta-multimedia/recipes-multimedia/vlc/vlc_3.0.23.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-multimedia/recipes-multimedia/vlc/vlc_3.0.23.bb b/meta-multimedia/recipes-multimedia/vlc/vlc_3.0.23.bb
index 6cf4877a17..8f728226c6 100644
--- a/meta-multimedia/recipes-multimedia/vlc/vlc_3.0.23.bb
+++ b/meta-multimedia/recipes-multimedia/vlc/vlc_3.0.23.bb
@@ -134,3 +134,6 @@ FILES:${PN}-staticdev += "\
 INSANE_SKIP:${PN} = "dev-so"
 
 EXCLUDE_FROM_WORLD = "${@bb.utils.contains("LICENSE_FLAGS_ACCEPTED", "commercial", "0", "1", d)}"
+
+CVE_STATUS[CVE-2026-26227] = "not-applicable-platform: the vulnerability is Android-specific"
+CVE_STATUS[CVE-2026-26228] = "not-applicable-platform: the vulnerability is Android-specific"